Predictions: Cyber-Security in 2014

As the year draws to a close, there is a lot of discussion about what 2014 holds in store for information security. Will the good guys start winning against the bad guys? Have we learned the lessons of 2013? Will we see happier and brighter security days ahead?

It's fun to look into the crystal ball and make guesses on what may be coming in the year ahead. We do it for fun, like Gravity edging out 12 Years a Slave for the Best Picture Oscar, and the Broncos winning the Super Bowl. In the world of information security, predictions provide insights into what people are worried about and areas businesses are going to invest in. If done right, predictions can be thought-provoking and help make decisions about how best to improve our security.

Vague predictions aren't useful, especially the ones that are just recycled from year to year. Examples include claims that the volume of mobile malware will increase, that there will be more attacks against critical infrastructure, and that the number of state-sponsored attacks and cyber-espionage will grow. Some are unhelpful, such as the ones claiming a trend will continue. Yes, attackers will keep using social engineering to target victims, and we will see a lot of rain in the Northeast in April.

Security Watch received hundreds of predictions from security experts addressing a wide array of topics, from data centers to consumer electronics, advanced persistent threats (APTs) to distributed denial of service (DDoS) attacks, cloud computing to mobile payments, and software to social engineering, just to name a few. We sifted out the generic, the ho-hum, and the "things will stay the same, just worse" predictions and identified a few gems in the following areas: attack targets, Internet and regulation, mobile security, online payments, and Internet of Things. Check back over the next few days and see what we think is important for 2014.

New Methods, Targets

New technologies will pose new security risks. For example, the popularity of 3D printing means it will become easier to create physical objects to use in attacks, said TK Keanini, CTO of Lancope. Consider the kind of damage a smooth-talking scammer with an access badge can do. Social engineering and 3D printing can be a dangerous combination in 2014.

This isn't really a prediction, but rather a certainty: Attackers will step up attacks against unsupported software, such as Java 6 and Windows XP. Security experts warn that cyber-criminals are crafting attacks targeting vulnerabilities in Windows XP and will unleash them after April 8, when Microsoft officially ends support for the 12-year-old operating system. Tim Rains, director of Trustworthy Computing at Microsoft, doesn't pull any punches. "More Windows XP-based systems will be compromised," he said.

Perhaps people will abandon XP in the first few months of 2014? Don't hold your breath. A little under 7 percent of enterprise users and 22 percent of individuals and small business users will still be running Windows XP come April, according to estimates provided by Wolfgang Kandek, CTO of Qualys.

Data Breaches

Trend Micro anticipates "one major data breach will occur every month next year." That doesn't seem like a stretch since "major data breach" is subject to interpretation. It can mean thefts of intellectual property such as source code or sensitive documents, à la Adobe or Edward Snowden. Perhaps we mean a large number of customer records compromised. Or a large service provider will be breached. A high-profile site, such as the Healthcare Exchange, may be compromised. I wonder if Trend Micro is underestimating this number.

Offensive Security Will Gain Acceptance

Even as ethical and legal debates continue, acceptance of "offensive security" and "active defense" will grow, said Michael Callahan, vice-president of security product marketing at Juniper Networks. Organizations will adopt active defense methods such as intrusion deception, where security teams act to disrupt and foil cyber-attacks as they are happening. Attribution—identifying who the cyber-perpetrator is—will be important, but there will be mistakes where the wrong person is accused of launching attacks.

Check Back For More

Will cyber-attackers hit the Super Bowl this year and make the power go out just as Peyton Manning throws his third touchdown? Check back for the rest of the week for other notable security predictions.
